VPN Configuration Overview

Authentication, Authorization and Accounting Configuration

The XSR’s AAA implementation handles all authentication, authorization and accounting of users (Remote Access) and peer gateways (Site-to-Site). The components include:

- Usernames and passwords for authentication
- Associated group name for authorization of network services
- IP addressing, including:
    - Virtual addresses from a local IP pool
    - DNS (primary and secondary) for remote access clients
    - WINS (primary and secondary) for remote access clients
- Encryption settings for PPTP remote access clients
- AAA per interface (for clients), for PPP, and debugging

Configuration for standard RADIUS. In addition to all the necessary values for communicating securely with a RADIUS server, the XSR permits specifying a backup RADIUS server for authentication failover. Refer to the table below for supported attributes.

Table 14-2 XSR-Supported RADIUS Attributes

| Authentication             | Accounting                | Vendor-Specific       |
|----------------------------|---------------------------|-----------------------|
| User-Name (1)              | Acct-Status-Type (40)     | MSCHAP Response (1)   |
| User-Password (2)          | Acct-Input-Octets (42)    | MSCHAP Error (2)      |
| NAS-IP-Address (4)         | Acct-Output-Octets (43)   | MSCHAP Domain (10)    |
| Framed-IP-Address (8)      | Acct-Session-Id (44)      | MSCHAP Challenge (11) |
| Framed-IP-Netmask (9)      | Acct-Session-Time (46)    | MSCHAP MPPE Keys (12) |
| Framed-MTU (12)            | Acct-Input-Packets (47)   | MPPE Send Key (16)    |
| Reply-Message (18)         | Acct-Output-Packets (48)  | MPPE Receive Key (17) |
| Class (25)                 | Acct-Terminate-Cause (49) | MSCHAP2 Response (25) |
| State (24)                 |                           | MSCHAP2 Success (26)  |
| Vendor-Specific (26)       |                           |                       |
| NAS-Identifier (32)        |                           |                       |
| Login-LAT-Group (36)       |                           |                       |
| NAS-Port-Type (61)         |                           |                       |
| EAP-Message (79)           |                           |                       |
| Message-Authenticator (80) |                           |                       |
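
The following Python example is added here and is not from the XSR manual: it decodes the attributes of a RADIUS packet using the type codes in Table 14-2, flags any attribute outside the table, and verifies Message-Authenticator (80) as an HMAC-MD5 keyed with the shared secret. The Microsoft vendor ID 311 (RFC 2548), the HMAC construction (RFC 2869), the function names and the sample packet are assumptions that do not appear on the page.

```python
import hashlib, hmac, struct

# Type codes copied from Table 14-2: authentication column, then vendor-specific column.
STANDARD = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 8: "Framed-IP-Address",
            9: "Framed-IP-Netmask", 12: "Framed-MTU", 18: "Reply-Message", 24: "State",
            25: "Class", 26: "Vendor-Specific", 32: "NAS-Identifier", 36: "Login-LAT-Group",
            61: "NAS-Port-Type", 79: "EAP-Message", 80: "Message-Authenticator"}
VENDOR = {1: "MSCHAP Response", 2: "MSCHAP Error", 10: "MSCHAP Domain", 11: "MSCHAP Challenge",
          12: "MSCHAP MPPE Keys", 16: "MPPE Send Key", 17: "MPPE Receive Key",
          25: "MSCHAP2 Response", 26: "MSCHAP2 Success"}
MS_VENDOR_ID = 311  # assumption: Microsoft enterprise number from RFC 2548, not stated in the table

def parse_attributes(packet):
    """Walk the attribute TLVs; return (name, value, value_offset) tuples."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20                       # 20-byte header precedes the attributes
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        name = STANDARD.get(atype, "unsupported(%d)" % atype)
        if atype == 26 and len(value) >= 6:   # vendor id (4) + vendor type (1) + vendor length (1)
            vendor, vtype = struct.unpack("!IB", value[:5])
            known = VENDOR.get(vtype) if vendor == MS_VENDOR_ID else None
            name = known or "unsupported-vsa(%d/%d)" % (vendor, vtype)
        attrs.append((name, value, pos + 2))
        pos += alen
    return attrs

def message_authenticator_ok(packet, secret):
    """Check attribute 80: HMAC-MD5 over the packet with the attribute value zeroed."""
    found = [(v, off) for n, v, off in parse_attributes(packet) if n == "Message-Authenticator"]
    if len(found) != 1 or len(found[0][0]) != 16:
        return False
    value, off = found[0]
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)

def build_sample(secret):
    """Constructed Access-Request used only to exercise the functions above."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    vsa = struct.pack("!IBB", MS_VENDOR_ID, 11, 10) + b"\x11" * 8   # MSCHAP Challenge
    body = tlv(1, b"alice") + tlv(4, bytes([192, 0, 2, 1])) + tlv(5, b"\x00" * 4) + tlv(26, vsa) + tlv(80, b"\x00" * 16)
    pkt = struct.pack("!BBH", 1, 7, 20 + len(body)) + b"\xaa" * 16 + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
```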

 

 

 

 

 

XSR User’s Guide 14-25
